A vulnerability in the upgrade process of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device.
This vulnerability exists because the application loads a DLL file from a user-writable directory. An attacker could exploit this vulnerability by copying a malicious DLL file to a specific directory. A successful exploit could allow the attacker to execute arbitrary code on the affected device with SYSTEM privileges. To exploit this vulnerability, the attacker must have valid credentials on the Windows system.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.